Estreetsecurity

Lead Cybersecurity Specialist (Pentesting) (Permanent – Onsite – New York, NY)

Estreetsecurity, New York, New York, US, 10261


An opportunity has come through our network for a Lead Cybersecurity Specialist (Pentesting) at one of NYC’s top law firms. This permanent position, based onsite in New York, NY, offers a competitive salary ranging from $185,000 – $200,000 annually. This role is pivotal in safeguarding the organization’s digital infrastructure through proactive monitoring, threat detection, and advanced penetration testing of both cloud and on-premises environments. You’ll also support broader security operations and contribute to the deployment and maintenance of critical cybersecurity technologies across the firm.

What You’ll Be Doing: Orchestrating Proactive Security and Threat Detection

As a Lead Cybersecurity Specialist with a strong focus on penetration testing, you will be at the forefront of the firm’s defense strategy. Your responsibilities will blend hands-on technical execution with strategic analysis and cross-functional collaboration to proactively identify and mitigate security risks.

Monitor and Analyze Security Alerts and Logs:

You will meticulously monitor and analyze security alerts and logs from a wide array of sources. This includes data from SIEM (Security Information and Event Management) systems, DLP (Data Loss Prevention) solutions, IDS/IPS (Intrusion Detection/Prevention Systems), antivirus software, firewalls, and various system logs. Your keen analytical skills will enable you to detect suspicious activity, anomalies, and potential threats to the firm’s digital infrastructure.

Conduct Manual and Automated Penetration Testing:

You will lead the charge in conducting both manual and automated penetration testing across the firm’s diverse digital assets. This encompasses rigorous assessments of web applications, APIs (Application Programming Interfaces), networks, cloud platforms, and mobile environments. Your hands-on testing will simulate real-world attacks to uncover vulnerabilities and assess risk exposure, providing a clear picture of the firm’s exploitable weaknesses.

Simulate Real-World Attack Scenarios:

A critical aspect of your role will be to simulate real-world attack scenarios to uncover vulnerabilities and comprehensively assess the firm’s risk exposure. This proactive approach goes beyond basic scanning, diving deep into potential attack paths that might bypass standard defenses, thereby enhancing the firm’s overall resilience against sophisticated cyber threats.

Develop Scripts and Automation Tools:

You will actively develop scripts and automation tools specifically designed to support testing and remediation efforts. This involves coding custom scripts (e.g., in Python, PowerShell) to automate vulnerability validation, streamline repetitive testing tasks, and facilitate the efficient remediation of identified security flaws, thereby increasing the effectiveness and scalability of the security team.

Participate in Red Team Operations and Threat Modeling:

You will be a key participant in red team operations, simulating adversarial tactics to test the firm’s defensive capabilities. You’ll also contribute to threat modeling exercises, identifying potential threats and vulnerabilities in systems from a design perspective. Furthermore, you will engage in collaborative purple team exercises, working with defensive teams to improve detection and response mechanisms based on offensive simulations.

Assist in Configuring, Maintaining, and Troubleshooting Security Tools:

You will provide crucial assistance in configuring, maintaining, and troubleshooting security tools and platforms. This includes ensuring that various cybersecurity solutions (e.g., SIEM, EDR, vulnerability scanners) are optimally configured, regularly updated, and functioning effectively to provide continuous protection and accurate threat intelligence.

Enhance Monitoring Capabilities and Contribute to Framework:

You will play a vital role in continuously enhancing monitoring capabilities across the firm’s digital infrastructure. This involves identifying gaps in current monitoring, recommending new data sources, and helping to implement advanced detection mechanisms. You will also contribute to building and maintaining a robust continuous security monitoring framework, ensuring constant vigilance over the firm’s security posture.

Collaborate on Cybersecurity Initiatives:

You will foster strong relationships and collaborate with internal teams across the firm to support various cybersecurity initiatives. This partnership ensures that security measures are integrated seamlessly into business processes and technological deployments, and that all efforts align with overarching organizational objectives, embedding security into the firm’s DNA.

What You Bring: Essential Skills and Qualifications for a Pentesting Leader

To excel as a Lead Cybersecurity Specialist (Pentesting), you’ll need extensive experience in offensive security, a deep understanding of cyber adversary tactics, and strong technical proficiency across various security domains and tools.

Strong Understanding of Network Security Fundamentals:

You possess a strong understanding of network protocols (e.g., TCP/IP, DNS, HTTP), common vulnerabilities (e.g., misconfigurations, unpatched systems), various attack vectors (e.g., phishing, malware, brute force), and detailed adversary tactics, techniques, and procedures (TTPs). This comprehensive knowledge allows you to effectively identify and counter sophisticated threats.

Proven Offensive Security Experience:

You have proven experience in penetration testing, ethical hacking, or offensive security operations. This demonstrates your practical ability to simulate cyberattacks, identify exploitable weaknesses, and assess the firm’s security posture from an attacker’s perspective.

Familiarity with Cybersecurity Frameworks and Standards:

You are familiar with key cybersecurity frameworks and standards such as OWASP Top 10 (for web application security risks), MITRE ATT&CK (for adversary tactics and techniques), CVSS (Common Vulnerability Scoring System) for severity assessment, and common exploitation techniques (e.g., SQL injection, XSS, buffer overflows). This knowledge guides your testing and reporting.

Proficiency with Security Test Tools:

You demonstrate proficiency with industry-standard security test tooling. This includes hands-on experience with tools like Burp Suite (for web application testing), Metasploit (for exploitation), Nmap (for network scanning), Nessus (for vulnerability scanning), Kali Linux (a penetration testing distribution), BloodHound (for Active Directory analysis), or similar specialized security tools.

Scripting Experience for Automation:

You possess strong scripting experience using languages such as Python and/or PowerShell. This is crucial for automating testing procedures, validating vulnerabilities, developing custom exploits, and streamlining various security operations tasks.

Solid IT Infrastructure Knowledge:

You have solid knowledge of IT infrastructure, including Windows/Linux systems administration, networking fundamentals (routers, switches, firewalls), and application security principles. This holistic understanding allows you to identify vulnerabilities across the entire technology stack.

Experience with Cloud Platforms and Security Assessments:

You have proven experience with cloud platforms (e.g., AWS, Azure, or Google Cloud) and hands-on experience conducting cloud security assessments. This indicates your ability to identify and mitigate risks in cloud-native environments, including misconfigurations, identity flaws, and insecure services.

Mobile Application Security Understanding (Plus):

An understanding of mobile application security (iOS/Android) and threat modeling for mobile platforms is a significant plus, demonstrating a broader security expertise across diverse application types.

Capture The Flag (CTF) Participation (Advantageous):

Participation in Capture The Flag (CTF) events or other offensive security challenges is advantageous, showcasing your practical skills, competitive drive, and continuous learning in offensive security techniques.

Strong Analytical and Problem-Solving Skills:

You possess strong analytical and problem-solving skills with meticulous attention to detail. This enables you to dissect complex security challenges, diagnose root causes, and devise effective, robust solutions.

Excellent Communication and Interpersonal Skills:

You bring excellent communication and interpersonal skills. This is vital for articulating complex technical findings to diverse audiences, collaborating effectively with cross-functional teams, and presenting security reports to leadership.

Self-Driven, Curious, and Committed to Learning:

You are self-driven, curious, and committed to continuous learning. This proactive mindset ensures you stay ahead of emerging threats and technologies in the fast-evolving cybersecurity landscape.

Education and Experience: Your Foundational Expertise

Educational Background:

A Bachelor’s degree in cybersecurity, computer science, or a related field is required.

Information Security Experience (7+ years):

You must have a minimum of 7 years of verifiable experience in information security or related roles, demonstrating a seasoned background in the field.

Highly Desirable Certifications:

Certifications such as GPEN (GIAC Penetration Tester), OSCP (Offensive Security Certified Professional), OSEP (Offensive Security Experienced Penetration Tester) are highly desirable, validating expert-level offensive security skills.

Additional Certifications (Plus):

Additional certifications like CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor), CEH (Certified Ethical Hacker), or GIAC (Global Information Assurance Certification) credentials are considered a plus, showcasing a broader understanding of cybersecurity domains.

Job Features

Job Category: IT, Security
